On Tue, Mar 25, 2008 at 14:26:34 +0000, "\"Jóhann B. Guðmundsson\"" <johannbg@xxxxx> wrote: > > All I was suggesting that where you "hash" encrypt in anaconda there > would be a notification > telling the user(s) that thou he encrypted the drive it would be > vulnerable to "cold boot" attack. > something along with line it's better to encrypt but it's not secure > even thou governments and corporates have claimed it to be. > > No need to be promoting false security.. While the various methods of dumping memory contents in order to retrieve a liuks partion key are real, the fact they they exist doesn't make using luks encryption insecure. You may also need to worry about keyloggers, cameras, shoulder surfing getting the box hacked while the file systems are mounted and connected to a network or even the old rubber hose method. That depends on your threat model. I am not sure a warning at that point is worthwhile. Instead the limitations of encrypted file systems should be covered in the same place(s) the feature is documented. If the install points the user to anything during the install process it should be to the feature description (possibly in the release notes if it is well documented there). -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
